Cisco :: LMS 3.2.1 Compliance Template Range Statement

Jun 5, 2013

I am trying to create a very basic template in compliance manager that checks for interfaces that aren't members of specific VLANs. VLAN 10 being one of them.  I want to match interfaces assigned to VLAN 20.  According to the documentation I have read, the following range statement should work because 10 falls between 3 and 19:
 
Submode: interface [#.*Ethernet.*#]
- switchport access vlan [#[3-19]#]
 
With the preceeding statement, however, interfaces assigned to both VLAN 10 and VLAN 20 are matching the rule. With this specific rule (not a range), only interfaces w/VLAN 20 are processed by the template, which is expected.  We actually have numerous VLANs that we want to exclude/include.  I only mentioned VLANs 10 and 20 for brevity. 

View 1 Replies


ADVERTISEMENT

Cisco :: LMS 3.2 RME Compliance Template

Feb 3, 2013

Using LMS 3.2, I've started learning how to use the compliance templates.is there a regex to ignore case? For instance, if I have the line:

clock timezone est -5  in some configs, and
clock timezone EST -5  in others
 
is there a way to tell the template that upper case and lower case are acceptable matches?

View 1 Replies View Related

Cisco :: LMS 3.2 Compliance Template Syntax

Nov 2, 2011

I want to add the command "no logging event link-status" to all switchport mode access ports EXCEPT for the ones with the following switchport access vlans: 4022,4032,4042,4052,4072 & 4082. How do I create a compliance template to do this? LMS 3.2, RME 4.3.1

View 6 Replies View Related

Cisco WAN :: 800 Doesn't Route Map Statement

Feb 6, 2013

I'm trying to sort out someone else's 800 series router config IOS 12.2 that was just added onto for years and never cleaned up. There are about 10 route map statements near the end. As far as I can tell, only two are being used. Doesn't a route map statment have to be called(referenced) in another statement in order to actually be used such as either under an interface or in a nat statement?

View 2 Replies View Related

Cisco :: 4404 - Debug WLC ACL Denied Statement

Jul 11, 2012

how to debug an ACL I've created on a 4404 WLC, specifically I want to monitor what packets are being denied by the ACL as something that should be working isn't
 
I've created an explicit deny statement at the end of the ACL and verified that the counter increases each time I try the problem software update.
 
What I can't work out is how to get the WLC to tell me what packets are being denied by the explicit deny statement, all I can find are 'show acl' commands which just give me the counts.
 
The equivalent on a router would be debug ip packet acl and adding the log keyword onto an ACE. I suppose I could configure a SPAN session on the WLC uplink to the switch but that seems overkill?

View 2 Replies View Related

Cisco WAN :: 1841 / BGP / Unable To Announce Route Using The Network Statement

Jul 24, 2012

The host IP 84.204.x.x unable to announce through BGP
 
BGP configuration on Cisco 1841:
 
!
interface FastEthernet0.1201
encapsulation dot1Q 1201
ip address 172.18.11.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp

code]....

View 4 Replies View Related

Cisco VPN :: PIX501 / Binding Inside Nat Statement To Outermost Interface Error

May 13, 2013

I am having a problem w/ my PIX501 w/  "Cisco PIX Firewall Version 6.3(4)", upon issuing the command i get this WARNING, is this normal? because it works perfectly fine in version 7.2(2)..
 
THE ERROR:

PIX1(config)# nat (outside) 1 222.127.244.52 255.255.255.252
WARNING:  Binding inside nat statement to outermost interface.
WARNING:  Keyword "outside" is probably missing.
 
REFERENCE:

PIX1# sh nameif
nameif ethernet0 outside security0
nameif ethernet1 inside security100

View 2 Replies View Related

Cisco VPN :: 5520 - SSL And PCI Compliance

Feb 1, 2012

I am installing a new 5520 with IPS for a client, and they were asking about the PCI compliance of the SSL(WebVPN) being self signed.  I am not sure what document to find this information from under the PCI DSS.  There was also mention about dual authentication being needed, but without seeing the actual requirements, I am just guessing at it.
 
What is required for making SSL PCI compliant.

View 5 Replies View Related

AAA/Identity/Nac :: PCI DSS Compliance On ACS 5.0?

May 25, 2012

During our recent VA we were told that the below vulnerabilities are exist in the ACS SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability on port 443

SSL Weak Cipher Suites Supported on port 2030
 
SSL Medium Strength Cipher Suites Supported on port 2030

View 0 Replies View Related

Cisco :: Prime Inf 1.2 Configuration Compliance Tool?

Jan 27, 2013

working with a trial version of Cisco Prime 1.2.  I am looking for a Configuration Compliance tool.  I used it in Cisco Works LMS - but I dont see a way to do the same thing with Cisco Prime.

View 1 Replies View Related

Cisco :: 6500 IOS Switches - Compliance Management In LMS 3.2?

Oct 11, 2011

I'm having a hard time getting Compliance Manager to accept a "banner login" command I'm attempting to use on 6500 IOS switches. I've edited the template, tried cut-&-paste, looked for the archive file on the server to directly modify it (without success), among other things. I have this feature functioning correctly on CatOS switches, but can't seem to get it properly set on IOS switches. What's the limit, as far as the template is concerned, on the number of characters with this type of command? Where are the archive configs located on the server; in the "shadow" directory?

View 1 Replies View Related

Cisco WAN :: CISPR11 Safety And Electromagnetic Compliance (EMC) Standards

Dec 17, 2012

I have a customer asking if Cisco supporst CISPR11 - Class B. All Cisco switches appear to support CISPR11 - Class A only. What is the difference? Is Class B supported?

View 0 Replies View Related

Cisco Firewall :: PCI Compliance Scanner Blocked By ASA 5510

May 9, 2011

We use SecurityMetrics as our vendor for PCI compliance scanning. Of all our servers, only the video server fails their scan, and this is their result: "This scan is inconclusive.  Though your server had open ports, we were unable to connect to any of them successfully.  There is a high probability that some type of firewall or scan-detection software is blocking us from accurately scanning your server. Please configure any firewall or software that would interfere with our scans to allow all traffic from SecurityMetrics" Our streaming video server is our only public-facing server that has port tcp/udp 1755 open (for the mms protocol). All our other servers behind this firewall pass the test, but they only have standard email and http ports open. I am assuming that their scan of port 1755 triggers some sort of threat detection on the ASA. (I have "Basic Threat Detection" enabled only.)

View 1 Replies View Related

Cisco :: Ciscoworks 3.2 RME Compliance Management With 802.1x Port Configuration

Nov 6, 2011

i am currently trying to use LMS 3.2 Compliance management to verify and alter our access port configurations for 802.1x. Below is our current configuration

View 1 Replies View Related

Cisco :: LMS 3.2 Checking Compliance For Single Access List

Apr 29, 2012

how to check compliance for only one access list in cisco works.
 
Example:
 
I want to run a compliance template that only check access-list 13 to make sure it has the following and nothing else:
 
access-list 13 permit 1.1.1.1
access-list 13 permit 10.1.0.0 0.0.0.127
 
If something else is listed, then I'll deploy the template and it will remove any other entry besided the two above.
 
I have tried a Global config compliance on + access-list 13 permit 1.1.1.1 and it comes back and says it's not compliant and wants to remove everything else, which is every other access list.  I have tried submodes thinking that it could check under ip access-list standard 13, but that didn't work either.

View 6 Replies View Related

Cisco Switching/Routing :: Catalyst 3550 PoE 802.3af Compliance?

Jan 5, 2012

confirm whether the Catalyst 3550 with IOS Rel. 12.2(44)SE is compliant with POE IEEE 802.3af?   I see some conflicting informaiton on Cisco's web site. Before Release 12.1(22)EA2, Catalyst 3550 PoE-capable switches (without intelligent power management support) caused high-power powered devices that supported intelligent power management to operate in low-power mode. Devices in low-power mode are not fully functional.
 
IEEE 802.3af—The major features of this standard are powered-device discovery, power administration, disconnect detection, and optional powered-device power classification. For more information, see the standard.

View 2 Replies View Related

Cisco Switching/Routing :: 2800 Series VPN And PCI Compliance

Aug 21, 2012

I'm trying to turn off SSH version 1 & 2 to pass PCI compliance. Problem is, I cannot touch the VPN link between the two offices. I'm afraid the PKI certificate used for the VPN will be deleted if i zeroize the RSA key which seems to be the only way to stop the router responding on port 22. 
 
Here is the stuff from the running config related to the crypto map: 
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
[ code].....
 
I'm only CCNA so I'm not even sure if the certificate or RSA key is being used for the VPN link, but I can't tell from the running config that zeroizing it would be a good idea and not break the VPN. I'm open to other ways of disabling SSH, as we are able to just connect using a console cable. But it looks like denying port 22 with an access-list doesn't even stop the router from responding to the port.

View 6 Replies View Related

Linksys Wireless Router :: Wrvs4400n PCI Compliance / How To Set

Jan 13, 2012

I'm keep failing my pci compliance test I have a wrvs4400n and I keep getting "firewall udp packet source port 53 ruleset bypass" i've blocked port 53 but keep getting rejected. How to set the router?

View 1 Replies View Related

Cisco Wireless :: Aironet 1400 Bridge FIPS Compliance?

Aug 14, 2012

Is the Aironet 1400 bridge FIPS 140-2 compliance? Based on the Release 12.3(8)JA, the Cisco IOS software release 12.3(8)JA is undergoing FIPS 140-2 Level 2 validation. Does it mean it is FIPS 140-2 compliance with this software level to run on Aironet 1400 bridges? [URL]

View 1 Replies View Related

Linksys Wired Router :: PCI Compliance And SSL Ciphers On RV082?

Mar 22, 2009

I am trying to get our internal network PCI compliant and when I run a network scan from securitymetrics.com I receive the following message about our RV082 router.
 
Synopsis : The remote service supports the use of weak SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. See also :[URL]: Reconfigure the affected application if possible to avoid use of weak ciphers. Risk Factor: Medium  / CVSS Base Score : 5.0
  
I have been googling many different search terms for ssl ciphers, rv082, and pci compliance but didn't see any solutions to this.  Any experience with ssl ciphers and how to use more secure ciphers?  I just performed a firmware upgrade to 1.3.98-tm in hopes that it would fix this issue.

View 2 Replies View Related

Cisco :: WCS 7.0 Cannot Edit AP Migration Template

Jun 24, 2010

Have upgraded WCS to 7.0 due to a Mesh network feature we needed, but now see I can no longer edit the AP migration templates. The interface allows me to create or delete them but the command dropdown box does not show an Edit option. So now for every AP I want to migrate I need to create a new template before I can select the AP's and migrate them. I still need to migrate about 220 APs....
 
Looking though the function it tells me to click on the Migration Template name. However neither in MS IE nor Firefox this works, there is no link activated.

View 7 Replies View Related

Cisco WAN :: ASR-1002 Base Configuration Template

Sep 13, 2012

I am working up a configuration template for an install I am doing in a couple weeks and wanted to take a look at the base config of an ASR1002. 

View 1 Replies View Related

Cisco Routers :: Configuration Template For SRP521W

Nov 3, 2010

Any recommendation for creating a configuration template for the SRP521W?  I can use the Admin-->Backup Config to get a xxx.cfg file, but I cannot edit it with notepad++. Also, i know the config can be view via view-source: [URL], but how would I load a modified copy of this back to the router?

View 8 Replies View Related

Website Template For Photography And Comments?

Nov 26, 2011

Me and some friends of mine talking about making a small website for us to share our photos together and be able to add comments under each photo, for example or even better with a simple forum. I have a bit experience making website, but we prefer to use web templates / packages for that also we would be able to add comments( built-in Code, no external links for those codes be needed). We prefer to have our website sure we know there are thousands of free photo-sharing websites out there.

View 2 Replies View Related

Cisco :: Where To Download Router Template On Packet Tracer

Oct 20, 2011

Asking about Packet Tracer. I currently use packet tracer 5.3.2.Can you give me any link where to download router template on packet tracer? I want to explore cisco 2821 but packet tracer 5.3.2 has an existing of cisco 2811 only then, I tried to add the 4 ports of RJ11 but I cannot see the 4 port telphone.

View 4 Replies View Related

Cisco :: PPPoE MTU Restriction Be Applied At Virtual Template

Aug 1, 2012

I get that to avoid fragmenting the packets we need to reduce the MTU to 1492, fine, but should the MTU restriction be applied at the virtual-template (server)/dialer (client) or on the physical ethernet interfaces?If I apply it to one or the other, which takes precedence? Should I just apply it to both the virtual/dialer interfaces and the ethernet interfaces?

View 6 Replies View Related

Cisco Wireless :: 5508 NCS WLAN Template Error

Aug 8, 2012

I am trying to apply WLAN template from NCS to two WLCs 5508 and I receive this message."Another WLAN with same SSID and either WPA1/ WPA2/ WPA1+WPA2 is enabled. Please change the Layer 2 security policy."The template has layer 2 security with WPA+WPA2 enable and 802.1x.I have other WLAN template with other name and other SSID with the same security policies with no problem to apply.

View 2 Replies View Related

Cisco WAN :: VPC Configuration Template With Two Core 6509 Switch

Jan 3, 2013

What is the VPC configuration template with two core 6509 switch.Pls find the attachment for Network topology.

View 3 Replies View Related

Cisco :: LMS4.1 SNMPV3 Configuration Template Required

Apr 6, 2013

Who can give me a SNMPv3 configuration template.I tried many times has been a problem

View 5 Replies View Related

Cisco :: Using Advanced Baseline Template To Push Change LMS 3.2.1

Oct 13, 2011

LMS 3.2.1, what is the correct baseline template syntax to accomplish the requirement 2:
 
Requirement 1
 
• Check if the router is running H323: You can do it looking for the command “h323-gateway voip interface”. If that command is found on a router then it is an H323 voice gateway
• Configure the global command: voice class h323 1
[Code]...

View 1 Replies View Related

Sharing :: Adding FTP To A Template Website Or Other Options?

May 3, 2012

The business i work for uses a "Do it myself" template for their website. (this is through their webhosting company). I can not add FTP to this website, we have to completely redo it with code and whatnot in order to have access to FTP. We would like users to download a template from our website (no problem) and then send us their artwork files back to us. These can be upwards of 150mb. Is there another option that i am not aware of to do this? Can't use email, has a limit of 25mb.

View 6 Replies View Related

Cisco Switching/Routing :: To Change SDM Template C3750 Stack

Feb 4, 2013

According to cisco manual in order to change SDM template i need to reboot switch, but when i have C3750-X stack do i need to reboot stack or maybe will be enough reboot in sequence the stack members?

View 3 Replies View Related

Cisco Wireless :: WCS 7.0172 Template Support For 2504 Controller?

Jun 11, 2013

I attempted to assign a User Roles template to a## 2504 controller and if failed with message stating controller version not supported. My current WCS version is 7.0172, if I upgrade to the lastest version will that resolve the template issue?

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved